+https://<i></i>contoso.sharepoint.<i></i>com/sites/*project-y*

+It can take about 10 minutes to change the site address (depending on the size of the site), and the site is read-only during this time. We recommend changing addresses during times when site usage is low.

+You can change the address of up to 100 sites at a time. To change another site address, wait for ongoing changes to finish.

+- Users should check the site recycle bin to make sure it contains no files they want to keep

+ >

+ > When you change a site address, we create a redirect at the previous address. If you want to reuse the previous address, you need to delete the redirect. [Learn how](manage-site-redirects.md)

+You need to recreate the Custom Form after the site address change.

+If the site is associated with a hub, it must be reassociated after the site address is changed.

+**Microsoft Forms**

+**OneNote**

+- OneNote for Windows 10 ΓÇô Version 16.0.8431.1006 and later

+- OneNote mobile app ΓÇô Version 16.0.8431.1011 and later

+**Permissions**

+**Recent lists inside Office apps**

+**SharePoint mobile apps for Android and iOS**

+**SharePoint web parts**

+Any embedded URLs in any SharePoint web parts (News, List, etc.) won't be updated and may break. This includes page thumbnail images in news posts existing on the site. After the site address is changed, you might need to update individual web parts to use the new URL.

+**Sharing links**

+**Site customizations and embedded code**

+**Synced locations**

+The OneDrive sync app will automatically detect and seamlessly transfer syncing to the new site URL after the site address has been changed. Users don't need to sign in again or take any other action. (Version 17.3.6943.0625 or later of the sync app required.)

+If a user updates a file while the site address is being changed, they see a message that file uploads are pending during the change.

+**Microsoft 365 groups**

+The email address of the group won't be renamed. The group name is updated only if the site name is updated during the rename process.

+**Teams (for Microsoft 365 group-connected sites)**

+A clear vision statement provides critical guidance to the inevitable decision tradeoffs you need to make for your governance plan. For example, you probably don't want a completely uncontrolled environment with unstructured and ΓÇ£unfindableΓÇ¥ content if your intranet vision is to provide a key source of organizational knowledge and information. In this case, the unstructured environment with no controls is unpredictable and will likely misalign with desired business outcomes. In a different scenario, some users may have a goal to create an experimental place where new site owners can create ΓÇ£practiceΓÇ¥ sites to try out new skills or test alternative approaches to solve specific business problems. For this use case, an overly restrictive governance plan may not make much sense. You may determine that you donΓÇÖt want to support an unlimited number of ΓÇ£practiceΓÇ¥ sites, so you may want a governance policy that says that all ΓÇ£testΓÇ¥ sites are deleted after a specific period of time. But, for these practice or test sites, the unstructured environment is fine. You can only know what is level of governance is ideal because you have a clear vision. The vision provides a framework for both the context and your investment in governance. Once you're clear about your intranet vision, your governance team can use that vision to guide the governance decisions.

+In addition to providing a process to provision new sites, you'll also want to think about a process to provision new [hubs](./planning-hub-sites.md) and associated hubs. Hubs must be provisioned by the Global Administrator or SharePoint Administrator so you need to think about how you'll plan and govern the creation of new hubs.

+- **Search experiences** ΓÇô understanding how users find content when they donΓÇÖt know where it might be in the architecture and how they discover content. You can help users discover content and improve search outcomes by using several features in search, including acronyms, bookmarks, Q&A, floor plans, and locations. For more information, learn how to [make content easy to find](/microsoftsearch/make-content-easy-to-find) and how [search experiences](./get-started-with-modern-search-experience.md) work in SharePoint. Your governance plan should include how you'll support and manage the creation of the search discovery attributes.

+Your governance plan shouldn't only include what *should* be posted on the intranet ΓÇô but it should also include guidelines for content that *shouldn't* be posted on the intranet. You may be able to enforce some policies using [automated information protection](/microsoft-365/compliance/protect-information) capabilities, but you want to provide training and guidance for site owners and content authors to ensure that they understand their responsibilities when it comes to security and information management for both sites and content.

+It ΓÇ£takes a villageΓÇ¥ to successfully support an intranet in any organization. You need a team - and the team may include specialized roles that you use on an occasional basis, such as developers to create a custom web part, permanent roles such as site owners for whom intranet site management is a small part of their job, and other permanent roles for people whose entire job responsibilities involve intranet management. Some organizations find it helpful to organize their intranet resources in a center of excellence, which may include full time members of the IT staff supplemented with virtual members who work in different business groups around the organization. Others extend their centralized staff to include ΓÇ£[intranet champions](https://www.microsoft.com/microsoft-365/success/champions),ΓÇ¥ who extend the support team into various departments and geographic locations by volunteering to help ensure intranet success.

+ - Get a core team together to think about governanceΓÇömake sure you align your governance decisions to business goals.

+ - Don't assume you have to launch with a "big bang"ΓÇöalign communications and training with your launch plan.

+ - Gather outcomes, not requirementsΓÇöbe sure to talk to site users, not just owners.

+ - Design to align to your organization standardsΓÇöbut allow the site "story" to dictate the navigation and page layouts.

+ - Test your proposed navigation with site visitorsΓÇömake sure that visitors can easily get to their top tasks.

+*Start byΓÇöDeveloping an understanding about what you need your intranet to accomplish and start organizing content assets to align with key outcome goals. Organize depending on the needs of the businessΓÇöby region, department, or functionΓÇöand by the topics that your users care about.

+*Start byΓÇöAnswer, do you need a consistent brand across all sites or will different divisions, departments, or groups in your organization have their own look and feel? Then, collect approved brand assets like brand colors, logos, and images depending on your organization's branding requirements.

+IT Pros and admins implement the needed platform integration steps needed by your business owners for their intranet portalsΓÇösuch as with databases or line-of-business applications. This may include content migration from existing systems. They also work with other stakeholders and the business to determine a governance strategy for the intranet and train people in the organization to use SharePoint and other tools to manage the intranet.

+Governance is the set of policies, roles, and processes that control how your organization's business divisions and IT teams work together to achieve its goalΓÇöensuring organization content and communications are secure and viewers benefit from a consistent experience. Every organization has unique needs and goals that influence its approach to governance. Some details to consider when planning your [governance strategy](./governance-overview.md): naming conventions, guest access, classification of sites, groups, and files.

+Train your users to take advantage of SharePoint's automated versioning ΓÇö and remove version IDs and dates from file names wherever possible, migrating only the latest and most accurate version. Better still, see if you can convert legacy documents to modern pages to create more engaging and easier to consume content. You get better search experiences and achieve higher user satisfaction and easier maintenance by removing content that's no longer needed prior to migration.

+*Start by* ΓÇö Prioritizing business objectives, and then decide the type of sites and web parts that are needed initially.

+- Introduction to key success factors and considerations

+### Related articles

+There are two ways [live events in Viva Engage can be produced](https://support.microsoft.com/office/organize-a-live-event-in-viva-engage-7338782a-4f0b-4fd0-a6c3-33625906ead1). The requirements depend on which video production methods you intend to use in your organization. Learn more about which method of live event you should use. For live events that only require visual and audio support, consider [hosting a live event using Viva Engage in Teams](https://support.microsoft.com/office/schedule-and-produce-a-live-event-in-new-yammer-using-teams-d891bff6-eda2-493f-8b0d-d87932e7937d).

+[Configure a Content Search Web Part in SharePoint](https://support.office.com/article/0dc16de1-dbe4-462b-babb-bf8338c36c9a) (CSWP) offers much flexibility for configuring the query it contains. However, if you configure the Web Part to use a complex query, or if you have many CSWPs on a page, the page can take longer time to load. To make the page load faster, you can configure the CSWP to cache search results for users who belong to the same AD security groups. Because it's faster to look up search results in the cache than in the search index, the page loads faster.

+* If [AI Builder](/ai-builder/overview) document processing isn't enabled, the freeform selection method and layout method won't be visible to users on the **Options for model creation** page.

+ * The information is available in the values of the columns in the library.

+* The [default environment for the Power Platform](/power-platform/admin/environments-overview#the-default-environment) is used for all document processing models built through these options.

+When you configure SharePoint Server with Active Directory Federation Services (AD FS) using OpenID Connect (OIDC) authentication, you need the following resources to perform the configuration:

+1. A SharePoint Server Subscription Edition farm.

+In this step, you need to modify the SharePoint Server farm properties based on the version of your SharePoint Server.

+> [!Note]

+> Start the SharePoint Management Shell as a farm administrator to run the following script. Read the instructions mentioned in the following PowerShell script carefully. You will need to enter your own environment-specific values in certain places.

+- For more information on configuring SharePoint farm properties for SharePoint Server Subscription Edition Version 24H1, see [Configure SPSE Version 24H1 or higher version](#configure-sharepoint-server-subscription-edition-version-24h1-or-higher-versions).

+- For more information on configuring SharePoint farm properties for SharePoint Server Subscription Edition Version preceding 24H1, see [Configure SPSE prior to Version 24H1](#configure-sharepoint-server-subscription-edition-prior-to-version-24h1).

+#### Configure SharePoint Server Subscription Edition Version 24H1 or higher versions

+Starting with SharePoint Server Subscription Edition Version 24H1 (March 2024), you can configure SharePoint Server farm properties by employing SharePoint Certificate Management to manage the nonce cookie certificate. The nonce cookie certificate is part of the infrastructure to ensure OIDC authentication tokens are secure. Run the following script to configure:

+# Set up farm properties to work with OIDC

+# Create the Nonce certificate

+# Import certificate to Certificate Management

+$certPath = <path to save the exported cert>

+$certPassword = ConvertTo-SecureString -String <password> -Force -AsPlainText

+Export-PfxCertificate -Cert $cert -FilePath $certPath -Password $certPassword

+$nonceCert = Import-SPCertificate -Path $certPath -Password $certPassword -Store "EndEntity" -Exportable:$true

+$farm = Get-SPFarm

+$farm.UpdateNonceCertificate($nonceCert,$true)

+```

+#### Configure SharePoint Server Subscription Edition prior to Version 24H1

+```powershell

+# Set up farm properties to work with OIDC

+$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -Subject "CN=SharePoint Cookie Cert"

+# If you have multiple SharePoint servers in the farm, you need to export the certificate by Export-PfxCertificate and import the certificate to all other SharePoint servers in the farm by Import-PfxCertificate.

+# After the certificate is successfully imported to SharePoint Server, we will need to grant access permission to the certificate's private key.

+# Replace the <web application pool account> with the real application pool account of your web application

+# Update farm properties

+$farm = Get-SPFarm

+$farm.Properties['SP-NonceCookieCertificateThumbprint']=$cert.Thumbprint

+$farm.Properties['SP-NonceCookieHMACSecretKey']='seed'

+$farm.Update()

+In this step, you'll create a `SPTrustedTokenIssuer` that will store the configuration that SharePoint needs to trust AD FS as an OIDC provider. Start the SharePoint Management Shell as a farm administrator and run the following script to create it:

+> Read the instructions mentioned in the following PowerShell script carefully. You will need to input environment-specific values in several places.

+# Replace <Client Identifier> with the value you saved in step #3 of AD FS Setup section

+$clientIdentifier = "<Your Client Identifier>"

+The `New-SPTrustedIdentityTokenIssuer` PowerShell cmdlet is extended to support OIDC by using the following parameters:

+> The public key of the AD FS signing certificate must be added to the store. Start the SharePoint Management Shell and run the following script to add the certificate:

+In this step, you'll configure a web application in SharePoint to use AD FS OIDC authentication, using the `SPTrustedIdentityTokenIssuer` that was created in the previous step.

+> - The SharePoint URL that will use AD FS OIDC federation must be configured with HTTPS.

+You can complete this configuration either by:

+ ```powershell

+ # This script creates a trusted authentication provider for OIDC

+ $sptrust = Get-SPTrustedIdentityTokenIssuer "contoso.local"

+ $trustedAp = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $sptrust

+ ```

+ 4. Open the web application you created, choose "Authentication Providers" in the Ribbon, click the link for the "Default" zone, and pick **contoso.local** as **Trusted Identity Provider**.

+ :::image type="content" source="../media/authentication-providers-3.jpg" alt-text="Authentication Providers 3":::

+

+ :::image type="content" source="../media/alternate-access-mapping-collection.png" alt-text="Alternate Access Mapping Collection-1":::

+ 1. Start the SharePoint Management Shell and run PowerShell to extend the web application:

+ **Example:**

+ ```powershell

+ # Get the trusted provider

+ $sptrust = Get-SPTrustedIdentityTokenIssuer "Contoso.local"

+ $ap = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $sptrust

+ # Get the web app

+ $wa = Get-SPWebApplication http://spsites

+ # Extend the web app to the "Intranet" zone using trusted provider auth and a SharePoint managed certificate called "SharePoint OIDC Site"

+ New-SPWebApplicationExtension -Identity $wa -Name "spsites" -port 443 -HostHeader 'spsites.contoso.local'-AuthenticationProvider $ap -SecureSocketsLayer -UseServerNameIndication -Certificate 'SharePoint OIDC Site' -Zone 'Intranet' -URL 'https://spsites.contoso.local'

+ ```

+ 2. Navigate to **System Settings** > **Configure Alternate Access Mappings** > **Alternate Access Mapping Collection**.

+ 3. Filter the display with the web application that was extended and confirm that you see the following information:

+ :::image type="content" source="../media/alternate-access-mapping-collection-2.png" alt-text="Alternate Access Mapping Collection":::

+Since OpenID Connect 1.0 authentication can only work with HTTPS protocol, a certificate must be set on the corresponding web application. If you have not already done so, perform the following steps to set a certificate:

+ > [!NOTE]

+ > You may skip this step if you have already generated the certificate.

+ 1. Open the SharePoint PowerShell console.

+ 2. Run the following script to generate a self-signed certificate and add it to the SharePoint farm:

+ ```powershell

+ New-SPCertificate -FriendlyName "Contoso SharePoint (2021)" -KeySize 2048 -CommonName spsites.contoso.local -AlternativeNames extranet.contoso.local, onedrive.contoso.local -OrganizationalUnit "Contoso IT Department" -Organization "Contoso" -Locality "Redmond" -State "Washington" -Country "US" -Exportable -HashAlgorithm SHA256 -Path "\\server\fileshare\Contoso SharePoint 2021 Certificate Signing Request.txt"

+ Move-SPCertificate -Identity "Contoso SharePoint (2021)" -NewStore EndEntity

+ ```

+ > [!IMPORTANT]

+ > Self-signed certificates are suitable only for test purposes. In production environments, we strongly recommend that you use certificates issued by a certificate authority instead.

+ You can use the following PowerShell cmdlet to assign the certificate to the web application:

+ ```powershell

+ Set-SPWebApplication -Identity https://spsites.contoso.local -Zone Default -SecureSocketsLayer -Certificate "Contoso SharePoint (2021)"

+ ```

+Once the site collection is created, you should be able to sign-in using either the Windows or the federated (AD FS OIDC) site collection administrator account.

+In OIDC authentication, the People Picker doesn't validate the input, which can lead to misspellings or users accidentally selecting the wrong claim type. This can be addressed either by using a Custom Claims Provider, or by using the new UPA-backed claim provider included in SharePoint Server Subscription Edition. To configure a UPA-backed claim provider, see [Enhanced People Picker for modern authentication](/sharepoint/administration/enhanced-people-picker-for-trusted-authentication-method).